iSEC security consultants Don Bailey (left) and Matthew Solnik unlock a car using M2M (Credits: Eric Risberg/AP).

In Space Safety Magazine’s continuing coverage of the Black Hat 2012 Convention, correspondent Rachel C. Samples explores the capabilities of Machine to Machine technology and its potential risks for space assets.

In a session entitled War Texting: Weaponizing Machine to Machine Systems, Don A. Bailey showed the audience how machine to machine (M2M) techniques have allowed his company to hack into cars. Bailey, a security consultant for iSEC Partners, Inc., introduced M2M technology and what can be done with it.

“M2M is any legacy engineering technology,” said Bailey. “Things that weren’t designed with the internet in mind.” These devices do not necessarily have to be old. What distinguishes M2M devices is their design: they were not intended to interact directly with external computers and their users. Some items that can be accessed via M2M include A-GPS tracking devices, 3G security cameras, and vehicles.

Bailey takes the example of a car, an SUV belonging to his co-worker, to show how M2M systems can be used by malefactors. A car is an ideal M2M system because it has internal computer components that are not supposed to interact with unauthorized users such as the customer. As seen in the video (below), Bailey’s team was able to unlock the car’s doors and start the car.

Exploiting M2M devices is an “attack line,” explains Bailey. A US UAV could become the target of a “Tower Based Location Attack.” First, a malefactor forces a device to disconnect from GPS. If a GPS signal is not available, UAVs are programmed to seek a back-up connection with a terrestrial tower. Bailey then describes how a hacker would ‘spoof’ the system and force the database to recognize a different signal of his choosing.

In a conversation after the session, Bailey was asked to describe the difference between M2M attacks and industrial hacking such as the Stuxnet worm that was used to manipulate Iran’s nuclear facility in 2010. “Stuxnet was not an M2M, but they used vectors that are common,” said Bailey. “Stuxnet attacked computers or something that had an administrative interface.”

Are space assets, such as orbiting satellites, at risk from M2M hacking? Bailey at first thought “no.” After a few seconds of consideration, he clarified: “It depends on what the goal is.”

See Bailey and his colleague Matthew Solnik unlock and start a car via M2M technology:
